thanks again....heres the logs....btw, all my file folders can only be opened up by right clicking then select open...i cant just click to open them without it going to the search folder first....any ideas how to fix this?
ComboFix 08-03-26.3 - user 2008-03-28 17:08:28.5 - NTFSx86
Running from: C:\Documents and Settings\user\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\user\Desktop\CFScript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!.
-- Script messages for sUBs --
MTEE /+ d-delA.dat
((((((((((((((((((((((((( Files Created from 2008-02-28 to 2008-03-28 )))))))))))))))))))))))))))))))
.
2008-03-26 13:11 . 2007-07-13 17:25 27,072 --a------ C:\WINDOWS\system32\drivers\PCASp50.sys
2008-03-15 17:36 . 2008-03-15 17:36 <DIR> d-------- C:\Documents and Settings\user\Application Data\Alien Skin
2008-03-14 14:14 . 2008-03-14 14:14 <DIR> d-------- C:\Program Files\WinAVIVideoConverter
2008-03-13 15:06 . 2008-03-13 15:06 2,560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2008-03-13 14:18 . 2008-03-14 14:13 3,082 --a------ C:\WINDOWS\system32\affv9869p2now.sys
2008-03-13 10:48 . 2008-03-13 10:48 <DIR> d-------- C:\WINDOWS\Freecorder Toolbar
2008-03-13 10:48 . 2008-03-13 10:48 <DIR> d-------- C:\Program Files\Freecorder Toolbar
2008-03-13 10:48 . 2008-03-13 15:08 <DIR> d-------- C:\Program Files\Freecorder
2008-03-13 10:47 . 2008-03-13 10:47 <DIR> d-------- C:\Program Files\Replay Media Catcher
2008-03-13 10:45 . 2008-03-13 10:46 <DIR> d-------- C:\Documents and Settings\user\Application Data\GetRightToGo
2008-03-13 10:44 . 2008-03-13 10:44 <DIR> d-------- C:\WINDOWS\Applian FLV Player
2008-03-13 10:44 . 2008-03-13 15:06 <DIR> d-------- C:\Program Files\FLV Player
2008-03-13 10:42 . 2008-03-13 13:25 <DIR> d-------- C:\Program Files\Smart FLV Converter
2008-03-12 17:48 . 2008-03-12 17:48 <DIR> d-------- C:\Program Files\YouTube Downloader
2008-03-12 08:33 . 2008-03-12 08:33 <DIR> d-------- C:\Program Files\Sophos
2008-03-12 07:44 . 2008-03-12 07:46 62,316,260 --a------ C:\backup.reg
2008-03-11 21:10 . 2008-03-11 21:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Macrovision
2008-03-11 21:05 . 2008-03-11 21:05 <DIR> d-------- C:\Program Files\Common Files\Macromedia Shared
2008-03-11 21:05 . 2008-03-11 21:05 <DIR> d-------- C:\Program Files\Common Files\Macromedia
2008-03-11 21:05 . 2002-01-05 07:48 974,848 --------- C:\WINDOWS\system32\mfc70.dll
2008-03-11 21:05 . 2002-01-05 07:10 57,344 --------- C:\WINDOWS\system32\mfc70enu.dll
2008-03-11 21:04 . 2008-03-11 21:04 <DIR> d-------- C:\Program Files\Macromedia
2008-03-11 17:26 . 2008-03-11 17:26 <DIR> d-------- C:\Program Files\Common Files\eSellerate
2008-03-11 17:25 . 2008-03-12 17:24 <DIR> d-------- C:\E-Zsoft
2008-03-11 17:05 . 2008-03-11 17:05 <DIR> d-------- C:\Documents and Settings\user\Application Data\vlc
2008-03-11 16:32 . 2008-03-14 14:47 <DIR> d-------- C:\Program Files\Blaze Media Pro
2008-03-11 16:31 . 2008-03-11 16:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\{CFAB4006-0AE0-414D-866A-DCB2C46553CF}
2008-03-11 12:48 . 2008-03-11 12:48 <DIR> d-------- C:\Program Files\ZoneAlarmSB
2008-03-11 12:37 . 2008-03-11 12:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-03-11 12:35 . 2007-11-14 16:05 75,248 --a------ C:\WINDOWS\zllsputility.exe
2008-03-11 12:35 . 2004-04-27 04:40 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2008-03-11 12:35 . 2008-03-11 12:48 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-03-11 12:30 . 2008-03-11 12:35 <DIR> d-------- C:\WINDOWS\system32\ZoneLabs
2008-03-11 12:30 . 2008-03-11 12:30 <DIR> d-------- C:\Program Files\Zone Labs
2008-03-11 12:30 . 2007-11-14 16:05 1,086,952 --a------ C:\WINDOWS\system32\zpeng24.dll
2008-03-11 12:30 . 2008-03-28 06:13 353,366 --a------ C:\WINDOWS\system32\vsconfig.xml
2008-03-11 12:21 . 2008-03-28 16:59 <DIR> d-------- C:\WINDOWS\Internet Logs
2008-03-09 14:55 . 2008-03-09 14:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-03-09 14:16 . 2008-03-09 14:16 <DIR> d-------- C:\Documents and Settings\user\Application Data\Malwarebytes
2008-03-09 14:16 . 2008-03-09 14:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-03-09 14:15 . 2008-03-09 14:16 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-03-09 10:10 . 2008-03-09 10:10 <DIR> d-------- C:\_OTMoveIt
2008-03-09 08:13 . 2008-03-09 08:45 <DIR> d-------- C:\SDFix
2008-03-08 08:03 . 2008-03-08 08:45 1,292 --a------ C:\WINDOWS\system32\tmp.reg
2008-03-08 05:15 . 2008-03-08 05:15 <DIR> d-------- C:\Deckard
2008-03-07 09:43 . 2008-03-07 09:43 <DIR> d-------- C:\Program Files\Files-Secure
2008-03-07 08:55 . 2008-03-07 09:30 45 --a------ C:\amp.bat
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-27 22:01 --------- d-----w C:\Documents and Settings\user\Application Data\AVG7
2008-03-26 03:06 --------- d-----w C:\Program Files\Telstra
2008-03-17 09:50 --------- d-----w C:\Program Files\DX-Ball
2008-03-14 04:47 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-14 03:33 2,019,328 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
2008-03-11 11:04 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-09 00:22 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-03-08 11:55 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-02-16 02:41 --------- d-----w C:\Program Files\Acoustica MP3 CD Burner
2008-02-13 21:53 --------- d-----w C:\Documents and Settings\user\Application Data\MSN6
2008-02-04 05:13 --------- d-----w C:\Program Files\wgcenter
2008-02-04 03:59 --------- d-----w C:\Program Files\Trend Micro
2008-01-29 12:12 --------- d-----w C:\Documents and Settings\user\Application Data\TuneUp Software
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
2008-03-11 12:48 262144 --a------ C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= "C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL" [2008-03-11 12:48 262144]
[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [2008-03-11 12:48 262144]
[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-06-13 16:10 2321600]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-22 11:19 579072]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00 132496]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 19:25 6731312]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-24 09:19 385024]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-11-14 16:05 919016]
"BigPondWirelessBroadbandCM"="C:\Program Files\Telstra\BigPond Wireless Broadband 2.0\BigPond_CM.exe" [2008-01-29 14:38 2166784]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2003-07-17 06:26 13312]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-30 09:28 219136]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2003-07-17 06:37 51200 C:\WINDOWS\system32\narrator.exe]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^user^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^user^Start Menu^Programs^Startup^Microsoft Find Fast.lnk]
backup=C:\WINDOWS\pss\Microsoft Find Fast.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^user^Start Menu^Programs^Startup^Office Startup.lnk]
backup=C:\WINDOWS\pss\Office Startup.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
--a------ 2007-06-13 16:10 2321600 C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
-ra------ 2006-10-04 06:47 88209 C:\WINDOWS\AGRSMMSG.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2006-06-01 13:32 94208 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
--a------ 2007-03-30 07:45 220160 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-04-10 00:03 5674352 C:\Program Files\MSN Messenger\MsnMsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 16:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWEReboot]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-24 09:19 385024 C:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RAMBooster.Net]
C:\Program Files\RAMBooster.Net\RAMBooster.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
--a------ 2007-08-31 16:46 1460560 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-07-12 04:00 132496 C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
--a------ 2007-06-21 14:06 1318912 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MS NET Service"=2 (0x2)
"gusvc"=3 (0x3)
"aawservice"=2 (0x2)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Microsoft Windows Driver"=C:\WINDOWS\rundll32.exe
"Microsoft Oftice"=C:\WINDOWS\System32\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
"Windows Networking Monitoring"=C:\WINDOWS\System32\mdm.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
R3 cmusbnet;WAN Driver @ 3GPP (6280);C:\WINDOWS\System32\DRIVERS\cmusbnet.sys [2007-06-22 10:54]
R3 cmusbser;%CMUSBSER%;C:\WINDOWS\System32\DRIVERS\cmusbser.sys [2006-12-13 19:31]
R3 cwbmidi_device;Crystal WDM MPU-401 UART Driver;C:\WINDOWS\System32\drivers\cwbmidi.sys [2001-08-17 22:19]
R3 cwbwdm_device;Crystal WDM Audio Codec Driver;C:\WINDOWS\System32\drivers\cwbwdm.sys [2001-08-17 22:19]
S3 MEMSWEEP2;MEMSWEEP2;C:\WINDOWS\System32\2.tmp []
S3 NtApm;NT Apm/Legacy Interface Driver;C:\WINDOWS\System32\DRIVERS\NtApm.sys [2003-07-17 06:27]
S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\System32\Drivers\PCASp50.sys [2007-07-13 17:25]
.
Contents of the 'Scheduled Tasks' folder
"2008-03-28 07:15:01 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2008-03-28 17:20:11
Windows 5.1.2600 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\C:\WINDOWS\System32\2.tmp"
.
Completion time: 2008-03-28 17:26:23
ComboFix-quarantined-files.txt 2008-03-28 07:26:15
ComboFix2.txt 2008-03-27 20:22:22
Pre-Run: 2,125,348,864 bytes free
Post-Run: 2,109,210,624 bytes free
.
2007-10-03 00:13:48 --- E O F ---
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Home Edition (build 2600) SP 1.0
Architecture: X86; Language: English
CPU 0: Intel Pentium II processor
Percentage of Memory in Use: 64%
Physical Memory (total/avail): 127.55 MiB / 44.83 MiB
Pagefile Memory (total/avail): 307.97 MiB / 104.54 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1928.34 MiB
A: is Removable (No Media)
C: is Fixed (NTFS) - 8.03 GiB total, 2.12 GiB free.
D: is CDROM (CDFS)
\\.\PHYSICALDRIVE0 - ST38410A - 8.03 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 8.03 GiB - C:
-- Security Center -------------------------------------------------------------
AUOptions is disabled.
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\user\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=GX0PICTZSNYEMMO
ComSpec=C:\WINDOWS\system32\cmd.exe
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\user
LOGONSERVER=\\GX0PICTZSNYEMMO
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\WBEM
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 5 Stepping 2, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0502
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\user\LOCALS~1\Temp
TMP=C:\DOCUME~1\user\LOCALS~1\Temp
tvdumpflags=8
USERDOMAIN=GX0PICTZSNYEMMO
USERNAME=user
USERPROFILE=C:\Documents and Settings\user
windir=C:\WINDOWS
-- User Profiles ---------------------------------------------------------------
user
(admin)Administrator
(admin)-- Add/Remove Programs ---------------------------------------------------------
--> C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
--> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNRecode.exe /UNINSTALL
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware 2007 --> MsiExec.exe /X{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player ActiveX --> C:\WINDOWS\System32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A80000000002}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Agere Systems PCI Soft Modem --> agrsmdel
AnyDVD --> "C:\Program Files\SlySoft\AnyDVD\AnyDVD-uninst.exe" /D="C:\Program Files\SlySoft\AnyDVD"
AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
BigPond ADSL SIK 5.6 Files --> C:\Program Files\Telstra\sikuninst.exe
BigPond Wireless Broadband 2.10.4 --> MsiExec.exe /I{4FDE2E3A-3CB0-4098-B8D0-ED3CA3E22777}
Blaze Media Pro --> "C:\Documents and Settings\All Users\Application Data\{CFAB4006-0AE0-414D-866A-DCB2C46553CF}\setup_blazemp.exe" REMOVE=TRUE MODIFY=FALSE
DX-Ball 1.09 --> C:\PROGRA~1\DX-Ball\UNWISE.EXE C:\PROGRA~1\DX-Ball\INSTALL.LOG
Files Secure --> C:\Program Files\Files-Secure\Uninstall.exe
Freecorder Toolbar 3.0 Application --> "C:\WINDOWS\Freecorder Toolbar\uninstall.exe" "/U:C:\Program Files\Freecorder Toolbar\Uninstall\uninstall.xml"
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
Hijackthis 1.99.1 --> "C:\Program Files\Hijackthis\unins000.exe"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Java 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Kaspersky Online Scanner --> C:\WINDOWS\System32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
LimeWire 4.14.12 --> "C:\Program Files\LimeWire\uninstall.exe"
Macromedia Fireworks MX 2004 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E583ED6F-BD99-4066-A420-C815BF692B69}\Setup.exe" -l0x9 UNINSTALL
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 --> "C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Office 97, Professional Edition --> C:\Program Files\Microsoft Office\Office\Setup\Acme.exe /w Off97Pro.STF
Nero 7 Essentials --> MsiExec.exe /I{F17F7703-1E72-40C1-A0DD-E5B365661033}
Smart FLV Converter 2.1 --> "C:\Program Files\Smart FLV Converter\unins000.exe"
Sophos Anti-Rootkit 1.3.1 --> C:\Program Files\Sophos\Sophos Anti-Rootkit\helper.exe remove
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
WinAVIVideoConverter --> "C:\Program Files\WinAVIVideoConverter\unins000.exe"
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
World Gaming Center Version 2.1.2 with Gamescript Files --> "C:\Program Files\wgcenter\unins000.exe"
ZoneAlarm --> C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe
ZoneAlarm Spy Blocker --> rundll32 C:\PROGRA~1\ZONEAL~1\bar\1.bin\SpyBlock.dll,O
-- Application Event Log -------------------------------------------------------
Event Record #/Type2874 / Error
Event Submitted/Written: 03/28/2008 05:52:30 PM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <
http://www.download....uthrootseq.txt> with error: 0x2ee7
Event Record #/Type2864 / Success
Event Submitted/Written: 03/28/2008 06:49:09 AM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.
Event Record #/Type2818 / Success
Event Submitted/Written: 03/27/2008 01:19:42 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.
Event Record #/Type2790 / Success
Event Submitted/Written: 03/26/2008 03:51:23 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.
Event Record #/Type2789 / Error
Event Submitted/Written: 03/26/2008 03:48:00 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application LimeWire.exe, version 1.0.0.2, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event Record #/Type1319 / Error
Event Submitted/Written: 03/28/2008 05:40:25 PM
Event ID/Source: 1002 / Dhcp
Event Description:
The IP address lease 121.216.230.254 for the Network Card with network address 00A0C6000000 has been
denied by the DHCP server 124.179.182.49 (The DHCP Server sent a DHCPNACK message).
Event Record #/Type1315 / Error
Event Submitted/Written: 03/28/2008 05:37:34 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The TrueVector Internet Monitor service failed to start due to the following error:
%%1053
Event Record #/Type1314 / Error
Event Submitted/Written: 03/28/2008 05:37:34 PM
Event ID/Source: 7009 / Service Control Manager
Event Description:
Timeout (30000 milliseconds) waiting for the TrueVector Internet Monitor service to connect.
Event Record #/Type1313 / Error
Event Submitted/Written: 03/28/2008 05:37:01 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The TrueVector Internet Monitor service failed to start due to the following error:
%%1053
Event Record #/Type1312 / Error
Event Submitted/Written: 03/28/2008 05:37:01 PM
Event ID/Source: 7009 / Service Control Manager
Event Description:
Timeout (30000 milliseconds) waiting for the TrueVector Internet Monitor service to connect.
-- End of Deckard's System Scanner: finished at 2008-03-28 17:58:03 ------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:00:23 PM, on 28/03/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Telstra\BigPond Wireless Broadband 2.0\BigPond_CM.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Telstra\BigPond Wireless Broadband 2.0\Utility\Application\QMICM.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\notepad.exe
C:\WINDOWS\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.bigpond.com/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft....k/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft....k/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft....k/?LinkId=54896O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: BigPond Wireless Broadband 2.0 Auto Dial - {DB92EC3F-697D-4C3B-9A3B-3ABBD23D4A85} - C:\Program Files\Telstra\BigPond Wireless Broadband 2.0\bpwbb2ad.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [BigPondWirelessBroadbandCM] "C:\Program Files\Telstra\BigPond Wireless Broadband 2.0\BigPond_CM.exe" -tsr
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) -
http://zone.msn.com/...UI.cab55579.cabO16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) -
http://www.kaspersky...can_unicode.cabO16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) -
http://messenger.zon...kr.cab56986.cabO16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games Buddy Invite) -
http://zone.msn.com/...dy.cab55579.cabO16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) -
http://zone.msn.com/...at.cab55579.cabO16 - DPF: {8C279F4E-917E-4CD2-8DF0-D9C73C0CE763} (ZPA_WheelOfFortune Object) -
http://zone.msn.com/...of.cab55579.cabO16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (MSN Games Texas Holdem Poker) -
http://zone.msn.com/...he.cab60231.cabO16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) -
http://cdn2.zone.msn...ro.cab56649.cabO16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) -
http://messenger.zon...nt.cab56907.cabO16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games Game Communicator) -
http://zone.msn.com/...xy.cab55579.cabO17 - HKLM\System\CS1\Services\VxD\MSTCP: SearchList = qld.bigpond.net.au
O17 - HKLM\System\CS2\Services\VxD\MSTCP: SearchList = qld.bigpond.net.au
O17 - HKLM\System\CCS\Services\VxD\MSTCP: SearchList = qld.bigpond.net.au
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 6362 bytes